[Bug 392759] Re: apache2 DoS attack using slowloris
Jonathan Marsden
jmarsden at fastmail.fm
Mon Sep 21 01:50:18 BST 2009
Dekar: Did you actually test this at all? Please provide some evidence
to support your claims.
You have said that you believe this issue is:
> A real problem, exploitable for many people in a default
> installation. Includes serious remote denial of services,
> local root privilege escalations, or data loss.
The default installation, when one installs apache2 using
sudo apt-get install apache2
uses the apache2-mpm-prefork module, not apache2-mpm-worker. The
article by LiraNuna clearly states:
I assume you are using the threaded version of Apache, else you are
not vulnerable to this type of attack.
Please justify your claims about this being a high priority issue,
affecting many people in the default installation, in the light of this.
More generally, if you believe this to be a significant issue for many
people, rather than making unfounded statements here, please do the
community a service and package the module that you wish to see included
in Ubuntu :)
--
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list